Watcher for absence of data in given time

ghost3h · July 24, 2019, 12:02pm

I have been trying to write a watcher for when my logstash instances go down. Obviously I cant write one to query a field, but need to write it for the lack of data for a given index for a period of time. I have tried several iterations, but none of these work.

    "query": {
        "bool": {
          "must": [
            {
              "query_string": {
                "default_field": "host",
                "query": "*MON011080*"
              }
            },
            {
              "query_string": {
                "default_field": "host",
                "query": "*MON011080*"
              }
            }
          ],
          "filter": {
            "range": {
              "@timestamp": {
                "from": "now-8m",
                "to": "now"
              }
            }
          }
        }
      }

Also tried it with exists, but that doesnt seem to work either. Can anyone steer me in the right direction?

system · August 21, 2019, 12:02pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Ability to alert when no data is being recieved Elasticsearch elastic-stack-alerting	6	4538	March 20, 2018
Elasticsearch indexes - watcher notifications Elasticsearch elastic-stack-alerting	9	1574	September 15, 2017
Watcher alert when count is zero for a bucket Elasticsearch elastic-stack-alerting	2	1812	October 6, 2017
Elasticsearch watcher Elasticsearch	1	311	August 21, 2018
Alert when there is no data in index Kibana elastic-stack-alerting	4	1811	December 4, 2019

Watcher for absence of data in given time

Related topics